Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

WP Shortcodes Plugin — Shortcodes Ultimate — Vulnerabilities & Security Advisories 24

All 24 CVE vulnerabilities found in WP Shortcodes Plugin — Shortcodes Ultimate, with AI-generated Chinese analysis, references, and POCs.

Vendor: Vova Anokhin

CVE IDTitleCVSSSeverityPublished
CVE-2026-3885 WP Shortcodes Plugin — Shortcodes Ultimate <= 7.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via su_box Shortcode CWE-79 6.4 Medium2026-04-16
CVE-2026-0737 Shortcodes Ultimate <= 7.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'su_lightbox' Shortcode CWE-79 6.4 Medium2026-04-04
CVE-2026-0738 Shortcodes Ultimate <= 7.4.8 - authenticated (Contributor+) Stored Cross-Site Scripting via 'su_carousel' Shortcode CWE-79 6.4 Medium2026-04-04
CVE-2026-2480 WP Shortcodes Plugin — Shortcodes Ultimate <= 7.4.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'max_width' Shortcode Attribute CWE-79 6.4 Medium2026-03-31
CVE-2025-12800 WP Shortcodes Plugin — Shortcodes Ultimate <= 7.4.5 - Authenticated (Administrator+) Server-Side Request Forgery CWE-918 6.4 Medium2025-11-23
CVE-2025-8015 Shortcodes Ultimate <= 7.4.2 - Authenticated (Author+) Stored Cross-Site Scripting via Image Title and Slide Link CWE-79 6.4 Medium2025-07-22
CVE-2025-7369 Shortcodes Ultimate <= 7.4.2 - Cross-Site Request Forgery to Arbitrary Shortcode Execution CWE-352 6.1 Medium2025-07-21
CVE-2025-7354 WP Shortcodes Plugin — Shortcodes Ultimate <= 7.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Plugin Shortcodes CWE-79 6.4 Medium2025-07-21
CVE-2025-5567 Shortcodes Ultimate <= 7.4.0 - Authenticted (Contributor+) Stored Cross-Site Scripting via 'data-url' Attribute CWE-79 6.4 Medium2025-07-04
CVE-2025-0370 WP Shortcodes Plugin — Shortcodes Ultimate <= 7.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via src Parameter CWE-79 6.4 Medium2025-03-04
CVE-2024-8500 WP Shortcodes Plugin — Shortcodes Ultimate <= 7.2.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting CWE-79 5.4 Medium2024-10-23
CVE-2024-4821 WP Shortcodes Plugin — Shortcodes Ultimate <= 7.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via su_lightbox Shortcode CWE-79 6.4 Medium2024-06-05
CVE-2024-4553 WP Shortcodes Plugin — Shortcodes Ultimate <= 7.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via su_members Shortcode CWE-79 6.4 Medium2024-05-21
CVE-2024-3548 Shortcodes Ultimate < 7.1.2 - Contributor+ Stored XSS 6.1AIMediumAI2024-05-15
CVE-2024-3550 WP Shortcodes Plugin — Shortcodes Ultimate <= 7.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CWE-79 6.4 Medium2024-05-02
CVE-2024-3188 Shortcodes Ultimate < 7.1.0 - Contributor+ Stored XSS 5.4AIMediumAI2024-04-26
CVE-2024-2583 Shortcodes Ultimate < 7.0.5 - Contributor+ Stored XSS 5.4 -2024-04-13
CVE-2024-1808 WP Shortcodes Plugin — Shortcodes Ultimate <= 7.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via su_qrcode Shortcode CWE-79 6.4 Medium2024-02-28
CVE-2024-0792 WP Shortcodes Plugin — Shortcodes Ultimate <= 7.0.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode CWE-79 6.4 Medium2024-02-20
CVE-2024-1510 WP Shortcodes Plugin — Shortcodes Ultimate <= 7.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via su_tooltip Shortcode CWE-79 6.4 Medium2024-02-20
CVE-2023-6488 WP Shortcodes Plugin — Shortcodes Ultimate <= 7.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting CWE-79 5.4 Medium2023-12-19
CVE-2023-6225 WP Shortcodes Plugin — Shortcodes Ultimate <= 5.13.3 - Authenticated (Contributor+) Stored Cross-Site Scripting CWE-79 6.4 Medium2023-11-28
CVE-2023-6226 WP Shortcodes Plugin — Shortcodes Ultimate <= 5.13.3 - Insecure Direct Object Reference to Information Disclosure CWE-639 4.3 Medium2023-11-28
CVE-2023-23800 WordPress Shortcodes Ultimate Plugin <= 5.12.6 is vulnerable to Server Side Request Forgery (SSRF) CWE-918 7.1 High2023-11-13

All 24 known CVE vulnerabilities affecting WP Shortcodes Plugin — Shortcodes Ultimate with full Chinese analysis, references, and POCs where available.